measure-artifacts
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/metrics_engine.py` file executes `git show` commands via `subprocess.run`. It incorporates the `repo_root` path and `commit_sha` identifiers into the command arguments. While it avoids shell interpolation, executing sub-processes with externally-sourced parameters is a monitored behavior.
- [REMOTE_CODE_EXECUTION]: In `scripts/metrics_engine.py`, the `load_module` function uses `importlib.util` to dynamically load and execute modules from other skill directories (e.g., `guide-planning`, `add-subfeature`). This runtime execution of scripts from relative paths constitutes dynamic code loading.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted markdown and metadata.
  - Ingestion points: Processes `slice-traceability.md` and metadata files in `scripts/metrics_engine.py`.
  - Boundary markers: None. Output is produced without clear delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill can execute shell commands and write to files.
  - Sanitization: Content from the file system is not sanitized before being rendered to the agent.